@cloud-copilot/iam-data 0.15.202512181 → 0.15.202512191

package/data/actions/ec2.json

@@ -1107,6 +1107,27 @@
     ],
     "dependentActions": []
   },
+  "attachappliancetonatgateway": {
+    "name": "AttachApplianceToNatGateway",
+    "isPermissionOnly": true,
+    "description": "Grants permission to attach an appliance with a public/private Natgateway",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "natgateway",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "attachclassiclinkvpc": {
     "name": "AttachClassicLinkVpc",
     "description": "Grants permission to link an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups",
@@ -2398,6 +2419,16 @@
           "iam:PassRole"
         ]
       },
+      {
+        "name": "natgateway",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Vpc"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "network-interface",
         "required": false,
@@ -2728,6 +2759,44 @@
     ],
     "dependentActions": []
   },
+  "createinterruptiblecapacityreservationallocation": {
+    "name": "CreateInterruptibleCapacityReservationAllocation",
+    "description": "Grants permission to create an interruptible Capacity Reservation by specifying the number of unused instances you want to allocate from your source reservation",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "capacity-reservation",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:AvailabilityZone",
+          "ec2:AvailabilityZoneId",
+          "ec2:CreateDate",
+          "ec2:EbsOptimized",
+          "ec2:EndDate",
+          "ec2:EndDateType",
+          "ec2:InstanceCount",
+          "ec2:InstanceMatchCriteria",
+          "ec2:InstancePlatform",
+          "ec2:InstanceType",
+          "ec2:InterruptibleCapacityReservationId",
+          "ec2:InterruptionType",
+          "ec2:IsInterruptible",
+          "ec2:SourceCapacityReservationId",
+          "ec2:TargetInstanceCount",
+          "ec2:Tenancy"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "createipam": {
     "name": "CreateIpam",
     "description": "Grants permission to create an Amazon VPC IP Address Manager (IPAM)",
@@ -2782,6 +2851,37 @@
     ],
     "dependentActions": []
   },
+  "createipampolicy": {
+    "name": "CreateIpamPolicy",
+    "description": "Grants permission to create a policy in Amazon VPC IP Address Manager (IPAM) that defines rules for allocating public IPv4 addresses from IPAM pools to AWS resources",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags"
+        ]
+      },
+      {
+        "name": "ipam-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "createipampool": {
     "name": "CreateIpamPool",
     "description": "Grants permission to create an IP address pool for Amazon VPC IP Address Manager (IPAM), which is a collection of contiguous IP address CIDRs",
@@ -2813,6 +2913,77 @@
     ],
     "dependentActions": []
   },
+  "createipamprefixlistresolver": {
+    "name": "CreateIpamPrefixListResolver",
+    "description": "Grants permission to create an IPAM prefix list resolver that defines rules for selecting CIDRs to include in prefix lists",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags"
+        ]
+      },
+      {
+        "name": "ipam-prefix-list-resolver",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "ipam-scope",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "createipamprefixlistresolvertarget": {
+    "name": "CreateIpamPrefixListResolverTarget",
+    "description": "Grants permission to create an IPAM prefix list resolver target that links a resolver to a managed prefix list",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-prefix-list-resolver",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags"
+        ]
+      },
+      {
+        "name": "ipam-prefix-list-resolver-target",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "createipamresourcediscovery": {
     "name": "CreateIpamResourceDiscovery",
     "description": "Grants permission to create an IPAM resource discovery",
@@ -3275,9 +3446,21 @@
           "ec2:CreateTags"
         ]
       },
+      {
+        "name": "elastic-ip",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AllocationId",
+          "ec2:Domain",
+          "ec2:PublicIpAddress",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "subnet",
-        "required": true,
+        "required": false,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
           "ec2:AvailabilityZone",
@@ -3289,14 +3472,15 @@
         "dependentActions": []
       },
       {
-        "name": "elastic-ip",
+        "name": "vpc",
         "required": false,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:AllocationId",
-          "ec2:Domain",
-          "ec2:PublicIpAddress",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:Ipv4IpamPoolId",
+          "ec2:Ipv6IpamPoolId",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
         ],
         "dependentActions": []
       }
@@ -3580,6 +3764,29 @@
     ],
     "dependentActions": []
   },
+  "createodbnetworkpeering": {
+    "name": "CreateOdbNetworkPeering",
+    "isPermissionOnly": true,
+    "description": "Grants permission to allow Oracle Database@AWS to create a peering connection between an ODB network and a VPC",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "vpc",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "createplacementgroup": {
     "name": "CreatePlacementGroup",
     "description": "Grants permission to create a placement group",
@@ -4533,6 +4740,17 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "ipam-policy",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "ipam-pool",
         "required": false,
@@ -4544,6 +4762,28 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "ipam-prefix-list-resolver",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "ipam-prefix-list-resolver-target",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "ipam-resource-discovery",
         "required": false,
@@ -4796,6 +5036,7 @@
           "aws:RequestTag/${TagKey}",
           "aws:ResourceTag/${TagKey}",
           "aws:TagKeys",
+          "ec2:IpamPrefixListResolverTargetId",
           "ec2:ResourceTag/${TagKey}"
         ],
         "dependentActions": []
@@ -5041,6 +5282,18 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "transit-gateway-metering-policy",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayMeteringPolicyId"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "transit-gateway-multicast-domain",
         "required": false,
@@ -5202,6 +5455,17 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "vpc-encryption-control",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "vpc-endpoint",
         "required": false,
@@ -5274,6 +5538,17 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "vpn-concentrator",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "vpn-connection",
         "required": false,
@@ -5550,9 +5825,83 @@
     ],
     "dependentActions": []
   },
-  "createtransitgatewaymulticastdomain": {
-    "name": "CreateTransitGatewayMulticastDomain",
-    "description": "Grants permission to create a multicast domain for a transit gateway",
+  "createtransitgatewaymeteringpolicy": {
+    "name": "CreateTransitGatewayMeteringPolicy",
+    "description": "Grants permission to create a metering policy for a transit gateway",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "transit-gateway",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayId"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags"
+        ]
+      },
+      {
+        "name": "transit-gateway-metering-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:transitGatewayMeteringPolicyId"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "transit-gateway-attachment",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayAttachmentId"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "createtransitgatewaymeteringpolicyentry": {
+    "name": "CreateTransitGatewayMeteringPolicyEntry",
+    "description": "Grants permission to create an entry for a transit gateway metering policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "transit-gateway-metering-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayMeteringPolicyId"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "transit-gateway-attachment",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayAttachmentId"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "createtransitgatewaymulticastdomain": {
+    "name": "CreateTransitGatewayMulticastDomain",
+    "description": "Grants permission to create a multicast domain for a transit gateway",
     "accessLevel": "Write",
     "resourceTypes": [
       {
@@ -6135,6 +6484,39 @@
     ],
     "dependentActions": []
   },
+  "createvpcencryptioncontrol": {
+    "name": "CreateVpcEncryptionControl",
+    "description": "Grants permission to create a VPC Encryption Control",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "vpc",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags"
+        ]
+      },
+      {
+        "name": "vpc-encryption-control",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "createvpcendpoint": {
     "name": "CreateVpcEndpoint",
     "description": "Grants permission to create a VPC endpoint for an AWS service",
@@ -6163,6 +6545,8 @@
           "aws:RequestTag/${TagKey}",
           "aws:TagKeys",
           "ec2:VpceMultiRegion",
+          "ec2:VpcePrivateDnsPreference",
+          "ec2:VpcePrivateDnsSpecifiedDomains",
           "ec2:VpceServiceName",
           "ec2:VpceServiceOwner",
           "ec2:VpceServiceRegion"
@@ -6297,6 +6681,38 @@
     ],
     "dependentActions": []
   },
+  "createvpnconcentrator": {
+    "name": "CreateVpnConcentrator",
+    "description": "Grants permission to create a VPN concentrator that aggregates multiple VPN connections to a transit gateway",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "vpn-concentrator",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags"
+        ]
+      },
+      {
+        "name": "transit-gateway",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayId"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "createvpnconnection": {
     "name": "CreateVpnConnection",
     "description": "Grants permission to create a VPN connection between a virtual private gateway or transit gateway and a customer gateway",
@@ -6360,6 +6776,15 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "vpn-concentrator",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "vpn-gateway",
         "required": false,
@@ -6828,6 +7253,26 @@
     ],
     "dependentActions": []
   },
+  "deleteipampolicy": {
+    "name": "DeleteIpamPolicy",
+    "description": "Grants permission to delete an Amazon VPC IP Address Manager (IPAM) policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "deleteipampool": {
     "name": "DeleteIpamPool",
     "description": "Grants permission to delete an Amazon VPC IP Address Manager (IPAM) pool",
@@ -6848,6 +7293,46 @@
     ],
     "dependentActions": []
   },
+  "deleteipamprefixlistresolver": {
+    "name": "DeleteIpamPrefixListResolver",
+    "description": "Grants permission to delete an IPAM prefix list resolver",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-prefix-list-resolver",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "deleteipamprefixlistresolvertarget": {
+    "name": "DeleteIpamPrefixListResolverTarget",
+    "description": "Grants permission to delete an IPAM prefix list resolver target",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-prefix-list-resolver-target",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "deleteipamresourcediscovery": {
     "name": "DeleteIpamResourceDiscovery",
     "description": "Grants permission to delete an IPAM resource discovery",
@@ -7112,6 +7597,7 @@
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
+          "ec2:IpamPrefixListResolverTargetId",
           "ec2:ResourceTag/${TagKey}"
         ],
         "dependentActions": []
@@ -7316,6 +7802,29 @@
     ],
     "dependentActions": []
   },
+  "deleteodbnetworkpeering": {
+    "name": "DeleteOdbNetworkPeering",
+    "isPermissionOnly": true,
+    "description": "Grants permission to allow Oracle Database@AWS to delete a peering connection between an ODB network and a VPC",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "vpc",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "deleteplacementgroup": {
     "name": "DeletePlacementGroup",
     "description": "Grants permission to delete a placement group",
@@ -7323,7 +7832,7 @@
     "resourceTypes": [
       {
         "name": "placement-group",
-        "required": false,
+        "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
           "ec2:PlacementGroupName",
@@ -7953,6 +8462,17 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "ipam-policy",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "ipam-pool",
         "required": false,
@@ -7964,6 +8484,28 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "ipam-prefix-list-resolver",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "ipam-prefix-list-resolver-target",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "ipam-resource-discovery",
         "required": false,
@@ -8426,6 +8968,17 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "transit-gateway-metering-policy",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "transit-gateway-multicast-domain",
         "required": false,
@@ -8569,6 +9122,17 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "vpc-encryption-control",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "vpc-endpoint",
         "required": false,
@@ -8635,6 +9199,17 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "vpn-concentrator",
+        "required": false,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:ResourceTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "vpn-connection",
         "required": false,
@@ -8816,6 +9391,48 @@
     ],
     "dependentActions": []
   },
+  "deletetransitgatewaymeteringpolicy": {
+    "name": "DeleteTransitGatewayMeteringPolicy",
+    "description": "Grants permission to delete a transit gateway metering policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "transit-gateway-metering-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayMeteringPolicyId"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "deletetransitgatewaymeteringpolicyentry": {
+    "name": "DeleteTransitGatewayMeteringPolicyEntry",
+    "description": "Grants permission to delete an entry from a transit gateway metering policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "transit-gateway-metering-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayMeteringPolicyId"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "deletetransitgatewaymulticastdomain": {
     "name": "DeleteTransitGatewayMulticastDomain",
     "description": "Grants permission to delete a transit gateway multicast domain",
@@ -9147,6 +9764,26 @@
     ],
     "dependentActions": []
   },
+  "deletevpcencryptioncontrol": {
+    "name": "DeleteVpcEncryptionControl",
+    "description": "Grants permission to delete a VPC Encryption Control",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "vpc-encryption-control",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "deletevpcendpointconnectionnotifications": {
     "name": "DeleteVpcEndpointConnectionNotifications",
     "description": "Grants permission to delete one or more VPC endpoint connection notifications",
@@ -9246,6 +9883,26 @@
     ],
     "dependentActions": []
   },
+  "deletevpnconcentrator": {
+    "name": "DeleteVpnConcentrator",
+    "description": "Grants permission to delete a VPN concentrator",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "vpn-concentrator",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "deletevpnconnection": {
     "name": "DeleteVpnConnection",
     "description": "Grants permission to delete a VPN connection",
@@ -9676,6 +10333,16 @@
     ],
     "dependentActions": []
   },
+  "describecapacityreservationtopology": {
+    "name": "DescribeCapacityReservationTopology",
+    "description": "Grants permission to describe the topology of one or more Capacity Reservations",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describecapacityreservations": {
     "name": "DescribeCapacityReservations",
     "description": "Grants permission to describe one or more Capacity Reservations",
@@ -10249,6 +10916,26 @@
     ],
     "dependentActions": []
   },
+  "describeinstancesqlhahistorystates": {
+    "name": "DescribeInstanceSqlHaHistoryStates",
+    "description": "Grants permission to describe EC2 instance SQL HA history states",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "describeinstancesqlhastates": {
+    "name": "DescribeInstanceSqlHaStates",
+    "description": "Grants permission to describe EC2 instance SQL HA states",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describeinstancestatus": {
     "name": "DescribeInstanceStatus",
     "description": "Grants permission to describe the status of one or more instances",
@@ -10329,6 +11016,16 @@
     ],
     "dependentActions": []
   },
+  "describeipampolicies": {
+    "name": "DescribeIpamPolicies",
+    "description": "Grants permission to describe Amazon VPC IP Address Manager (IPAM) policies",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describeipampools": {
     "name": "DescribeIpamPools",
     "description": "Grants permission to describe Amazon VPC IP Address Manager (IPAM) pools",
@@ -10339,6 +11036,26 @@
     ],
     "dependentActions": []
   },
+  "describeipamprefixlistresolvertargets": {
+    "name": "DescribeIpamPrefixListResolverTargets",
+    "description": "Grants permission to describe IPAM prefix list resolver targets",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "describeipamprefixlistresolvers": {
+    "name": "DescribeIpamPrefixListResolvers",
+    "description": "Grants permission to describe IPAM prefix list resolvers",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describeipamresourcediscoveries": {
     "name": "DescribeIpamResourceDiscoveries",
     "description": "Grants permission to describe IPAM resource discoveries",
@@ -11102,6 +11819,16 @@
     ],
     "dependentActions": []
   },
+  "describetransitgatewaymeteringpolicies": {
+    "name": "DescribeTransitGatewayMeteringPolicies",
+    "description": "Grants permission to describe one or more transit gateway metering policies",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describetransitgatewaymulticastdomains": {
     "name": "DescribeTransitGatewayMulticastDomains",
     "description": "Grants permission to describe one or more transit gateway multicast domains",
@@ -11367,6 +12094,16 @@
     ],
     "dependentActions": []
   },
+  "describevpcencryptioncontrols": {
+    "name": "DescribeVpcEncryptionControls",
+    "description": "Grants permission to describe one or more VPC Encryption Controls",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describevpcendpointassociations": {
     "name": "DescribeVpcEndpointAssociations",
     "description": "Grants permission to describe the VPC endpoint associations",
@@ -11469,6 +12206,16 @@
     ],
     "dependentActions": []
   },
+  "describevpnconcentrators": {
+    "name": "DescribeVpnConcentrators",
+    "description": "Grants permission to describe one or more VPN concentrators",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describevpnconnections": {
     "name": "DescribeVpnConnections",
     "description": "Grants permission to describe one or more VPN connections",
@@ -11489,6 +12236,27 @@
     ],
     "dependentActions": []
   },
+  "detachappliancefromnatgateway": {
+    "name": "DetachApplianceFromNatGateway",
+    "isPermissionOnly": true,
+    "description": "Grants permission to detach an appliance from a public/private Natgateway",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "natgateway",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "detachclassiclinkvpc": {
     "name": "DetachClassicLinkVpc",
     "description": "Grants permission to unlink (detach) a linked EC2-Classic instance from a VPC",
@@ -11940,6 +12708,41 @@
     ],
     "dependentActions": []
   },
+  "disableinstancesqlhastandbydetections": {
+    "name": "DisableInstanceSqlHaStandbyDetections",
+    "description": "Grants permission to disable EC2 instance SQL HA standby detections",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "instance",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:AvailabilityZoneId",
+          "ec2:EbsOptimized",
+          "ec2:InstanceAutoRecovery",
+          "ec2:InstanceBandwidthWeighting",
+          "ec2:InstanceID",
+          "ec2:InstanceMarketType",
+          "ec2:InstanceMetadataTags",
+          "ec2:InstanceProfile",
+          "ec2:InstanceType",
+          "ec2:MetadataHttpEndpoint",
+          "ec2:MetadataHttpPutResponseHopLimit",
+          "ec2:MetadataHttpTokens",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:RootDeviceType",
+          "ec2:Tenancy"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "disableipamorganizationadminaccount": {
     "name": "DisableIpamOrganizationAdminAccount",
     "description": "Grants permission to disable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account",
@@ -11952,6 +12755,26 @@
       "organizations:DeregisterDelegatedAdministrator"
     ]
   },
+  "disableipampolicy": {
+    "name": "DisableIpamPolicy",
+    "description": "Grants permission to disable a policy in Amazon VPC IP Address Manager (IPAM) that controls public IPv4 address allocation",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "disablerouteserverpropagation": {
     "name": "DisableRouteServerPropagation",
     "description": "Grants permission to disable route server propagation",
@@ -12928,6 +13751,41 @@
     ],
     "dependentActions": []
   },
+  "enableinstancesqlhastandbydetections": {
+    "name": "EnableInstanceSqlHaStandbyDetections",
+    "description": "Grants permission to enable EC2 instance SQL HA standby detections",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "instance",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:AvailabilityZoneId",
+          "ec2:EbsOptimized",
+          "ec2:InstanceAutoRecovery",
+          "ec2:InstanceBandwidthWeighting",
+          "ec2:InstanceID",
+          "ec2:InstanceMarketType",
+          "ec2:InstanceMetadataTags",
+          "ec2:InstanceProfile",
+          "ec2:InstanceType",
+          "ec2:MetadataHttpEndpoint",
+          "ec2:MetadataHttpPutResponseHopLimit",
+          "ec2:MetadataHttpTokens",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:RootDeviceType",
+          "ec2:Tenancy"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "enableipamorganizationadminaccount": {
     "name": "EnableIpamOrganizationAdminAccount",
     "description": "Grants permission to enable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account",
@@ -12942,6 +13800,26 @@
       "organizations:RegisterDelegatedAdministrator"
     ]
   },
+  "enableipampolicy": {
+    "name": "EnableIpamPolicy",
+    "description": "Grants permission to enable an Amazon VPC IP Address Manager (IPAM) policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "enablereachabilityanalyzerorganizationsharing": {
     "name": "EnableReachabilityAnalyzerOrganizationSharing",
     "description": "Grants permission to enable organization sharing of reachability analyzer",
@@ -13545,6 +14423,16 @@
     ],
     "dependentActions": []
   },
+  "getenabledipampolicy": {
+    "name": "GetEnabledIpamPolicy",
+    "description": "Grants permission to describe the currently enabled policy in Amazon VPC IP Address Manager (IPAM)",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "getflowlogsintegrationtemplate": {
     "name": "GetFlowLogsIntegrationTemplate",
     "description": "Grants permission to generate a CloudFormation template to streamline the integration of VPC flow logs with Amazon Athena",
@@ -13595,6 +14483,31 @@
     ],
     "dependentActions": []
   },
+  "getimageancestry": {
+    "name": "GetImageAncestry",
+    "description": "Grants permission to retrieve the ancestry chain of an AMI back to its root AMI",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "image",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ImageID",
+          "ec2:ImageType",
+          "ec2:Owner",
+          "ec2:Public",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:RootDeviceType"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "getimageblockpublicaccessstate": {
     "name": "GetImageBlockPublicAccessState",
     "description": "Grants permission to get the current state of block public access for AMIs at the account level in the specified AWS Region",
@@ -13728,7 +14641,107 @@
     "accessLevel": "Read",
     "resourceTypes": [
       {
-        "name": "ipam-resource-discovery",
+        "name": "ipam-resource-discovery",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "getipamdiscoveredpublicaddresses": {
+    "name": "GetIpamDiscoveredPublicAddresses",
+    "description": "Grants permission to retrieve the public IP addresses that have been discovered by IPAM",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "ipam-resource-discovery",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "getipamdiscoveredresourcecidrs": {
+    "name": "GetIpamDiscoveredResourceCidrs",
+    "description": "Grants permission to retrieve the resource CIDRs that are monitored as part of a resource discovery",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "ipam-resource-discovery",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "getipampolicyallocationrules": {
+    "name": "GetIpamPolicyAllocationRules",
+    "description": "Grants permission to describe the rules that define how Amazon VPC IP Address Manager (IPAM) pools allocate IP addresses to AWS resource types within an IPAM policy",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "ipam-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "getipampolicyorganizationtargets": {
+    "name": "GetIpamPolicyOrganizationTargets",
+    "description": "Grants permission to retrieve the AWS Organizations targets associated with an Amazon VPC IP Address Manager (IPAM) policy",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "ipam-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "getipampoolallocations": {
+    "name": "GetIpamPoolAllocations",
+    "description": "Grants permission to get a list of all the CIDR allocations in an Amazon VPC IP Address Manager (IPAM) pool",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "ipam-pool",
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
@@ -13742,13 +14755,13 @@
     ],
     "dependentActions": []
   },
-  "getipamdiscoveredpublicaddresses": {
-    "name": "GetIpamDiscoveredPublicAddresses",
-    "description": "Grants permission to retrieve the public IP addresses that have been discovered by IPAM",
+  "getipampoolcidrs": {
+    "name": "GetIpamPoolCidrs",
+    "description": "Grants permission to get the CIDRs provisioned to an Amazon VPC IP Address Manager (IPAM) pool",
     "accessLevel": "Read",
     "resourceTypes": [
       {
-        "name": "ipam-resource-discovery",
+        "name": "ipam-pool",
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
@@ -13762,13 +14775,13 @@
     ],
     "dependentActions": []
   },
-  "getipamdiscoveredresourcecidrs": {
-    "name": "GetIpamDiscoveredResourceCidrs",
-    "description": "Grants permission to retrieve the resource CIDRs that are monitored as part of a resource discovery",
+  "getipamprefixlistresolverrules": {
+    "name": "GetIpamPrefixListResolverRules",
+    "description": "Grants permission to get rules for an IPAM prefix list resolver",
     "accessLevel": "Read",
     "resourceTypes": [
       {
-        "name": "ipam-resource-discovery",
+        "name": "ipam-prefix-list-resolver",
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
@@ -13782,13 +14795,13 @@
     ],
     "dependentActions": []
   },
-  "getipampoolallocations": {
-    "name": "GetIpamPoolAllocations",
-    "description": "Grants permission to get a list of all the CIDR allocations in an Amazon VPC IP Address Manager (IPAM) pool",
-    "accessLevel": "List",
+  "getipamprefixlistresolverversionentries": {
+    "name": "GetIpamPrefixListResolverVersionEntries",
+    "description": "Grants permission to get CIDR entries for a specific version of an IPAM prefix list resolver",
+    "accessLevel": "Read",
     "resourceTypes": [
       {
-        "name": "ipam-pool",
+        "name": "ipam-prefix-list-resolver",
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
@@ -13802,13 +14815,13 @@
     ],
     "dependentActions": []
   },
-  "getipampoolcidrs": {
-    "name": "GetIpamPoolCidrs",
-    "description": "Grants permission to get the CIDRs provisioned to an Amazon VPC IP Address Manager (IPAM) pool",
+  "getipamprefixlistresolverversions": {
+    "name": "GetIpamPrefixListResolverVersions",
+    "description": "Grants permission to get versions of an IPAM prefix list resolver",
     "accessLevel": "Read",
     "resourceTypes": [
       {
-        "name": "ipam-pool",
+        "name": "ipam-prefix-list-resolver",
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
@@ -13900,6 +14913,7 @@
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
+          "ec2:IpamPrefixListResolverTargetId",
           "ec2:ResourceTag/${TagKey}"
         ],
         "dependentActions": []
@@ -13920,6 +14934,7 @@
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
+          "ec2:IpamPrefixListResolverTargetId",
           "ec2:ResourceTag/${TagKey}"
         ],
         "dependentActions": []
@@ -14217,6 +15232,27 @@
     ],
     "dependentActions": []
   },
+  "gettransitgatewaymeteringpolicyentries": {
+    "name": "GetTransitGatewayMeteringPolicyEntries",
+    "description": "Grants permission to list the entries for a transit gateway metering policy",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "transit-gateway-metering-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayMeteringPolicyId"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "gettransitgatewaymulticastdomainassociations": {
     "name": "GetTransitGatewayMulticastDomainAssociations",
     "description": "Grants permission to get information about the associations for a transit gateway multicast domain",
@@ -14391,6 +15427,28 @@
     ],
     "dependentActions": []
   },
+  "getvpcresourcesblockingencryptionenforcement": {
+    "name": "GetVpcResourcesBlockingEncryptionEnforcement",
+    "description": "Grants permission to describe resources that would block VPC Encryption Control enforcement",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "vpc",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "getvpnconnectiondevicesampleconfiguration": {
     "name": "GetVpnConnectionDeviceSampleConfiguration",
     "description": "Grants permission to download an AWS-provided sample configuration file to be used with the customer gateway device",
@@ -14731,6 +15789,16 @@
     ],
     "dependentActions": []
   },
+  "listvolumesinrecyclebin": {
+    "name": "ListVolumesInRecycleBin",
+    "description": "Grants permission to list EBS volumes in Recycle Bin",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "locksnapshot": {
     "name": "LockSnapshot",
     "description": "Grants permission to lock an Amazon EBS snapshot in either governance or compliance mode to protect it against accidental or malicious deletions",
@@ -15577,6 +16645,35 @@
     ],
     "dependentActions": []
   },
+  "modifyipampolicyallocationrules": {
+    "name": "ModifyIpamPolicyAllocationRules",
+    "description": "Grants permission to modify the rules that define how Amazon VPC IP Address Manager (IPAM) pools allocate IP addresses to AWS resource types within an IPAM policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "ipam-pool",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "modifyipampool": {
     "name": "ModifyIpamPool",
     "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) pool",
@@ -15599,6 +16696,57 @@
     ],
     "dependentActions": []
   },
+  "modifyipamprefixlistresolver": {
+    "name": "ModifyIpamPrefixListResolver",
+    "description": "Grants permission to modify an IPAM prefix list resolver",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-prefix-list-resolver",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:Attribute",
+          "ec2:Attribute/${AttributeName}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "ipam-scope",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "modifyipamprefixlistresolvertarget": {
+    "name": "ModifyIpamPrefixListResolverTarget",
+    "description": "Grants permission to modify an IPAM prefix list resolver target",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "ipam-prefix-list-resolver-target",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "modifyipamresourcecidr": {
     "name": "ModifyIpamResourceCidr",
     "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) resource CIDR",
@@ -15755,6 +16903,7 @@
           "aws:ResourceTag/${TagKey}",
           "ec2:Attribute",
           "ec2:Attribute/${AttributeName}",
+          "ec2:IpamPrefixListResolverTargetId",
           "ec2:ResourceTag/${TagKey}"
         ],
         "dependentActions": []
@@ -15843,6 +16992,30 @@
     ],
     "dependentActions": []
   },
+  "modifyodbnetworkpeering": {
+    "name": "ModifyOdbNetworkPeering",
+    "isPermissionOnly": true,
+    "description": "Grants permission to allow Oracle Database@AWS to modify the settings of a peering connection between an ODB network and a VPC",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "vpc",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:Attribute/${AttributeName}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "modifyprivatednsnameoptions": {
     "name": "ModifyPrivateDnsNameOptions",
     "description": "Grants permission to modify the options for instance hostnames for the specified instance",
@@ -16255,6 +17428,38 @@
     ],
     "dependentActions": []
   },
+  "modifytransitgatewaymeteringpolicy": {
+    "name": "ModifyTransitGatewayMeteringPolicy",
+    "description": "Grants permission to modify a transit gateway metering policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "transit-gateway-metering-policy",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:Attribute/${AttributeName}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayMeteringPolicyId"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "transit-gateway-attachment",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:transitGatewayAttachmentId"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "modifytransitgatewayprefixlistreference": {
     "name": "ModifyTransitGatewayPrefixListReference",
     "description": "Grants permission to modify a transit gateway prefix list reference",
@@ -16640,6 +17845,27 @@
     ],
     "dependentActions": []
   },
+  "modifyvpcencryptioncontrol": {
+    "name": "ModifyVpcEncryptionControl",
+    "description": "Grants permission to modify an existing VPC Encryption Control",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "vpc-encryption-control",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:Attribute/${AttributeName}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "modifyvpcendpoint": {
     "name": "ModifyVpcEndpoint",
     "description": "Grants permission to modify an attribute of a VPC endpoint",
@@ -18505,6 +19731,37 @@
     ],
     "dependentActions": []
   },
+  "restorevolumefromrecyclebin": {
+    "name": "RestoreVolumeFromRecycleBin",
+    "description": "Grants permission to restore an EBS volume from Recycle Bin",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "volume",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:AvailabilityZoneId",
+          "ec2:Encrypted",
+          "ec2:ParentSnapshot",
+          "ec2:ParentVolume",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:VolumeID",
+          "ec2:VolumeInitializationRate",
+          "ec2:VolumeIops",
+          "ec2:VolumeSize",
+          "ec2:VolumeThroughput",
+          "ec2:VolumeType"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "revokeclientvpningress": {
     "name": "RevokeClientVpnIngress",
     "description": "Grants permission to remove an inbound authorization rule from a Client VPN endpoint",
@@ -19543,6 +20800,42 @@
     ],
     "dependentActions": []
   },
+  "updateinterruptiblecapacityreservationallocation": {
+    "name": "UpdateInterruptibleCapacityReservationAllocation",
+    "description": "Grants permission to update the number of instances allocated to an interruptible reservation, allowing you to add more capacity or reclaim capacity to your source Capacity Reservation",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "capacity-reservation",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:AvailabilityZoneId",
+          "ec2:CreateDate",
+          "ec2:EbsOptimized",
+          "ec2:EndDate",
+          "ec2:EndDateType",
+          "ec2:InstanceCount",
+          "ec2:InstanceMatchCriteria",
+          "ec2:InstancePlatform",
+          "ec2:InstanceType",
+          "ec2:InterruptibleCapacityReservationId",
+          "ec2:InterruptionType",
+          "ec2:IsInterruptible",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:SourceCapacityReservationId",
+          "ec2:TargetInstanceCount",
+          "ec2:Tenancy"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "updatesecuritygroupruledescriptionsegress": {
     "name": "UpdateSecurityGroupRuleDescriptionsEgress",
     "description": "Grants permission to update descriptions for one or more outbound rules in a VPC security group",